AWS Security Blog

Category: AWS Identity and Access Management (IAM)

How to Enable Cross-Account Access to the AWS Management Console

July 26, 2017, update: We recommend that you use cross-account access by switching roles in the AWS Management Console. Also see the related documentation: Switching to a Role (AWS Management Console). Last December we described how you can delegate access to your AWS account using IAM roles. Using IAM roles, you can take advantage of […]

Read More

What to Do If You Inadvertently Expose an AWS Access Key

Keeping your AWS keys secure is one of the most important things you can do. This week Will Kruse, Security Engineer on the AWS Identity and Access Management (IAM) team, explains the steps to safeguard your account in the event you inadvertently expose your AWS access key. Your AWS credentials (access key ID and secret access […]

Read More

IAM User Sign-in Page Changes

Today, AWS updated the sign-in experience for IAM users accessing AWS websites such as the AWS Management Console, Support, or Forums. As previously announced, the new sign-in experience continues to provide the same functionality as the previous one, it but provides a more consistent experience for IAM users when signing in to AWS account whether it […]

Read More

An In-Depth Look at the IAM Policy Simulator

This week’s guest blogger, Ajith Ranabahu, Software Development Engineer on the AWS Identity and Access Management (IAM) team, presents an in-depth look at the IAM policy simulator. Many of you have asked about how to author and troubleshoot access control policies. To help with this task, last year we launched the policy simulator, which makes it easier […]

Read More

Coming Soon! An Important Change to How You Manage Your AWS Account’s Access Keys

As part of our ongoing efforts to help keep your resources secure, on April 21, 2014, AWS removed the ability to retrieve existing secret access keys for your AWS (root) account. See the updated blog post Where’s My Secret Access Key? for more information about access keys and secret access keys. -Kai

Read More

Read What Others Recommend for IAM Best Practices

Here on the AWS Security Blog we’ve published several posts that recommend IAM best practices. We’re pleased to find that third-party bloggers are adding their own voices. Codeship, a company that provides a continuous code deployment and testing service, just published a great post about how to secure your AWS account using Identity and Access […]

Read More

High-Availability IAM Design Patterns

Today Will Kruse, Senior Security Engineer on the AWS Identity and Access Management (IAM) team, provides a tutorial on how to enable resiliency against authentication and authorization failures in an application deployed on Amazon EC2 using a high availability design pattern based on IAM roles. Background Many of you invest significant effort to ensure that a […]

Read More

How Do I Protect Cross-Account Access Using MFA?

Today AWS announced support for adding multi-factor authentication (MFA) for cross-account access. In this blog post, I will walk you through a common use case, including a code sample, which demonstrates how to create policies that enforce MFA when IAM users from one AWS account make programmatic requests for resources in a different account. Many […]

Read More

Dilbert Learns to Set Up Temporary Credentials

It seems that the topic of using temporary security credentials has been coming up at lot recently. Several weeks ago Rich Mogull expressed his chagrin for not using temporary credentials in his post titled, “My $500 Cloud Security Screw-up”. And over the weekend Scott Adams published a Dilbert comic poking fun of Dilbert not understanding […]

Read More